# Conflicts:

#	NOTICE
#	pom.xml
#	provider/partition-azure/pom.xml

devops/azure/chart/templates/deployment.yaml

@@ -63,6 +63,8 @@ spec:
           value: "80"
         - name: ACCEPT_HTTP  # TEMPORARY UNTIL HTTPS
           value: "true"
+        - name: partition_spring_logging_level
+          value: INFO
         - name: KEYVAULT_URI
           valueFrom:
             configMapKeyRef:

partition-core/pom.xml

@@ -16,9 +16,7 @@
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-	<groupId>org.opengroup.osdu</groupId>
 	<artifactId>partition-core</artifactId>
-	<version>0.9.0-SNAPSHOT</version>
 	<description>Core project for the partition service</description>
 	<packaging>jar</packaging>
 
@@ -42,9 +40,6 @@
 		<cobertura_maven_plugin_version>2.7</cobertura_maven_plugin_version>
 		<maven_surefire_plugin_version>3.0.0-M4</maven_surefire_plugin_version>
 		<maven_failsafe_plugin_version>3.0.0-M4</maven_failsafe_plugin_version>
-		<!--
-		<springfox-version>2.9.2</springfox-version>
-		-->
 	</properties>
 
 	<dependencies>
@@ -56,27 +51,10 @@
 		<dependency>
 			<groupId>org.opengroup.osdu</groupId>
 			<artifactId>os-core-common</artifactId>
-			<version>${os-core-common.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.elasticsearch.client</groupId>
-					<artifactId>elasticsearch-rest-client</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.tomcat.embed</groupId>
-			<artifactId>tomcat-embed-core</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId>org.springframework.boot</groupId>
-					<artifactId>spring-boot-starter-tomcat</artifactId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -93,12 +71,6 @@
 			</exclusions>
 		</dependency>
 
-		<dependency>
-			<groupId>com.auth0</groupId>
-			<artifactId>jwks-rsa</artifactId>
-			<version>0.12.0</version>
-		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>
@@ -158,6 +130,15 @@
 			<groupId>io.springfox</groupId>
 			<artifactId>springfox-swagger2</artifactId>
 			<version>${springfox-version}</version>
+			<exclusions>
+				<exclusion>
+					<!--
+					Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
+					-->
+					<groupId>com.google.guava</groupId>
+					<artifactId>guava</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>io.springfox</groupId>

pom.xml

@@ -26,8 +26,8 @@
     <maven.compiler.target>1.8</maven.compiler.target>
     <maven.compiler.source>1.8</maven.compiler.source>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <os-core-common.version>0.9.0-rc6</os-core-common.version>
-    <tomcat_embed_core_version>9.0.37</tomcat_embed_core_version>
+    <os-core-common.version>0.9.0-rc7</os-core-common.version>
+    <org.springframework.boot.version>2.4.5</org.springframework.boot.version>
   </properties>
 
   <packaging>pom</packaging>
@@ -35,18 +35,13 @@
   <dependencyManagement>
     <dependencies>
       <dependency>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-dependencies</artifactId>
-        <version>2.3.5.RELEASE</version>
+        <groupId>org.opengroup.osdu</groupId>
+        <artifactId>os-core-common</artifactId>
+        <version>${os-core-common.version}</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
 
-      <dependency>
-        <groupId>org.apache.tomcat.embed</groupId>
-        <artifactId>tomcat-embed-core</artifactId>
-        <version>${tomcat_embed_core_version}</version>
-      </dependency>
       <dependency>
         <groupId>org.apache.httpcomponents</groupId>
         <artifactId>httpclient</artifactId>
@@ -62,6 +57,14 @@
             <groupId>org.elasticsearch.client</groupId>
             <artifactId>elasticsearch-rest-client</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.elasticsearch</groupId>
+            <artifactId>elasticsearch</artifactId>
+          </exclusion>
+          <exclusion>
+            <groupId>org.elasticsearch.client</groupId>
+            <artifactId>elasticsearch-rest-high-level-client</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
     </dependencies>
@@ -82,7 +85,7 @@
         <plugin>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-maven-plugin</artifactId>
-          <version>2.3.1.RELEASE</version>
+          <version>${org.springframework.boot.version}</version>
         </plugin>
       </plugins>
     </pluginManagement>

provider/partition-aws/pom.xml

@@ -27,7 +27,6 @@
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>partition-aws</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
     <description>Partition service on AWS</description>
     <packaging>jar</packaging>
 
@@ -63,7 +62,7 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>partition-core</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>${project.version}</version>
         </dependency>
 
         <!-- AWS managed packages -->

provider/partition-azure/pom.xml

@@ -10,20 +10,15 @@
 
   <modelVersion>4.0.0</modelVersion>
   <artifactId>partition-azure</artifactId>
-  <version>0.9.0-SNAPSHOT</version>
   <description>Partition service on Azure</description>
   <packaging>jar</packaging>
 
   <properties>
-    <osdu.partition-core.version>0.9.0-SNAPSHOT</osdu.partition-core.version>
-    <osdu.corelibazure.version>0.9.0-rc2</osdu.corelibazure.version>
-    <osdu.oscorecommon.version>0.9.0-rc6</osdu.oscorecommon.version>
-    <azure.version>2.3.5</azure.version>
+    <osdu.corelibazure.version>0.9.0-rc3</osdu.corelibazure.version>
     <junit.version>4.12</junit.version>
     <mockito.version>2.25.0</mockito.version>
     <powermock.version>2.0.2</powermock.version>
-    <nimbus-jose-jwt>7.9</nimbus-jose-jwt>
-    <jwks-rsa>0.12.0</jwks-rsa>
+    <json-smart.version>2.4.6</json-smart.version>
   </properties>
 
   <dependencyManagement>
@@ -44,7 +39,7 @@
     <dependency>
       <groupId>org.opengroup.osdu</groupId>
       <artifactId>partition-core</artifactId>
-      <version>${osdu.partition-core.version}</version>
+      <version>${project.version}</version>
     </dependency>
     <dependency>
       <groupId>org.opengroup.osdu</groupId>
@@ -54,12 +49,16 @@
     <dependency>
       <groupId>org.opengroup.osdu</groupId>
       <artifactId>os-core-common</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>org.elasticsearch.client</groupId>
-          <artifactId>elasticsearch-rest-client</artifactId>
-        </exclusion>
-      </exclusions>
+    </dependency>
+
+    <!--
+    Many dependencies contain library with vulnerabilities: net.minidev:json-smart:jar:2.3
+    because of that we need to enforce the higher version
+    -->
+    <dependency>
+      <groupId>net.minidev</groupId>
+      <artifactId>json-smart</artifactId>
+      <version>${json-smart.version}</version>
     </dependency>
 
     <dependency>
@@ -86,38 +85,16 @@
     </dependency>
 
     <!-- Azure dependencies -->
-    <dependency>
-      <groupId>com.microsoft.azure</groupId>
-      <artifactId>azure-spring-boot-metrics-starter</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-log4j2</artifactId>
-    </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>azure-storage</artifactId>
       <version>8.6.5</version>
     </dependency>
     <dependency>
-      <groupId>com.microsoft.azure</groupId>
-      <artifactId>azure-active-directory-spring-boot-starter</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.microsoft.azure</groupId>
-      <artifactId>msal4j</artifactId>
+      <groupId>com.azure.spring</groupId>
+      <artifactId>azure-spring-boot-starter-active-directory</artifactId>
     </dependency>
     <!-- Other dependencies -->
-    <dependency>
-      <groupId>com.auth0</groupId>
-      <artifactId>jwks-rsa</artifactId>
-      <version>${jwks-rsa}</version>
-    </dependency>
-    <dependency>
-      <groupId>com.nimbusds</groupId>
-      <artifactId>nimbus-jose-jwt</artifactId>
-      <version>${nimbus-jose-jwt}</version>
-    </dependency>
     <dependency>
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>

provider/partition-azure/src/main/java/org/opengroup/osdu/partition/provider/azure/security/AADSecurityConfig.java

@@ -14,7 +14,7 @@
 
 package org.opengroup.osdu.partition.provider.azure.security;
 
-import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

provider/partition-azure/src/main/java/org/opengroup/osdu/partition/provider/azure/utils/AuthorizationService.java

@@ -14,12 +14,14 @@
 
 package org.opengroup.osdu.partition.provider.azure.utils;
 
-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipal;
+import com.azure.spring.autoconfigure.aad.UserPrincipal;
 import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
+import java.util.Map;
+
 @Component
 public class AuthorizationService implements IAuthorizationService {
 
@@ -64,9 +66,10 @@ public class AuthorizationService implements IAuthorizationService {
      */
     private UserType getType(UserPrincipal u) {
         UserType type;
-        if (u.getUpn() != null) {
+        Map<String, Object> claims = u.getClaims();
+        if (claims != null && claims.get("upn") != null) {
             type = UserType.REGULAR_USER;
-        } else if (u.getUniqueName() != null) {
+        } else if (claims != null && claims.get("unique_name") != null) {
             type = UserType.GUEST_USER;
         } else {
             type = UserType.SERVICE_PRINCIPAL;

provider/partition-azure/src/main/resources/application.properties

 LOG_PREFIX=partition
 server.servlet.contextPath=/api/partition/v1
-logging.level.org.springframework.web=DEBUG
+logging.level.org.springframework.web=${partition_spring_logging_level:INFO}
 JAVA_OPTS=-Dserver.port=80
 server.port=8080
 springfox.documentation.swagger.v2.path=/api-docs
+PARTITION_API=
 
 #logging configuration
 logging.transaction.enabled=true

provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/security/AADSecurityConfigTest.java

@@ -14,10 +14,9 @@
 
 package org.opengroup.osdu.partition.provider.azure.security;
 
-import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager;
+import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import com.azure.spring.autoconfigure.aad.UserPrincipalManager;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.opengroup.osdu.partition.api.PartitionApi;

provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/security/WhoamiControllerTest.java

@@ -14,12 +14,13 @@
 
 package org.opengroup.osdu.partition.provider.azure.security;
 
+import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import com.azure.spring.autoconfigure.aad.UserPrincipalManager;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
@@ -36,9 +37,6 @@ import org.springframework.web.context.WebApplicationContext;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager;
-
 @RunWith(SpringRunner.class)
 @PrepareForTest(SecurityContextHolder.class)
 @SpringBootTest(classes = {WhoamiController.class, AADSecurityConfig.class,

provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/utils/AuthorizationServiceTest.java

@@ -14,7 +14,7 @@
 
 package org.opengroup.osdu.partition.provider.azure.utils;
 
-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipal;
+import com.azure.spring.autoconfigure.aad.UserPrincipal;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSObject;
@@ -69,7 +69,7 @@ public class AuthorizationServiceTest {
                 .build();
         final JWSObject jwsObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).build(),
                 new Payload(jwtClaimsSet.toString()));
-        return new UserPrincipal(jwsObject, jwtClaimsSet);
+        return new UserPrincipal("token", jwsObject, jwtClaimsSet);
     }
 
     private DummyAuthToken createSAuthToken(final String email, final String appcode) {

provider/partition-gcp/pom.xml

@@ -10,7 +10,6 @@
   </parent>
 
   <artifactId>partition-gcp</artifactId>
-  <version>0.9.0-SNAPSHOT</version>
   <description>Partition service on GCP</description>
   <packaging>jar</packaging>
 
@@ -19,12 +18,11 @@
     <dependency>
       <groupId>org.opengroup.osdu</groupId>
       <artifactId>partition-core</artifactId>
-      <version>0.9.0-SNAPSHOT</version>
+      <version>${project.version}</version>
     </dependency>
     <dependency>
       <groupId>org.opengroup.osdu</groupId>
       <artifactId>os-core-common</artifactId>
-      <version>0.3.28</version>
     </dependency>
 
     <dependency>

provider/partition-ibm/pom.xml

@@ -15,7 +15,6 @@
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>partition-ibm</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
     <description>Partition service on IBM</description>
     <packaging>jar</packaging>
 
@@ -33,7 +32,7 @@
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>partition-core</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>${project.version}</version>
         </dependency>